Lucene search

Veracode Vulnerability DatabaseVERACODE:47488

HistoryJun 12, 2024 - 6:45 a.m.

Cross Site Scripting (XSS)

2024-06-1206:45:34

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

getformwork

formwork

cross site scripting

xss

user input validation

meta.php

vulnerability

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.2%

JSON

getformwork/formwork is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper user input validation within meta.php, which allows an attacker to perform XSS.

CPENameOperatorVersion
getformwork/formworkeq2.0.0-beta.1
getformwork/formworkle1.13.0
getformwork/formworkeq2.0.0-beta.1
getformwork/formworkle1.13.0

Name	Operator	Version
getformwork/formwork	eq	2.0.0-beta.1
getformwork/formwork	le	1.13.0
getformwork/formwork	eq	2.0.0-beta.1
getformwork/formwork	le	1.13.0

References

github.com/advisories/GHSA-5pxr-7m4j-jjc6

github.com/getformwork/formwork/commit/9d471204f7ebb51c3c27131581c2b834315b5e0b

github.com/getformwork/formwork/commit/f5312015a5a5e89b95ef2bd07e496f8474d579c5

github.com/getformwork/formwork/security/advisories/GHSA-5pxr-7m4j-jjc6